Image via marketplace.org.
Posted on 04/29/2013 8:47:43 AM PDT by null and void
A security researcher was able to hack an aircraft's cockpit with an Android smartphone After you board a plane and are safely buckled in your seat, the pilot reminds you and the other passengers with their noses tucked into their touchscreens to power off all electronic devices. If they interfere with the in-flight management system, there could be some serious disturbances. But still, there are the few testy travelers who ignore the pilot's requests, because, really, how much harm can a little smart phone do?
Apparently a lot, as was evidenced by a security researcher, who claimed that he could hack into an aircraft's cockpit with his Android mobile phone.
Image via marketplace.org.
At the annual security conference, Hack In The Box, which took place in Amsterdam this year, security researcher, Hugo Teso, demonstrated that it's possible to take full control of aircraft flight systems and communications. All you need are two things: an Android smartphone and a specialized attack code.
Teso spent three years developing the attack code, which he named SIMON, and bought second-hand commercial flight system software and hardware off the Internet. By using the attack code, along with an Android app known as PlaneSploit, Teso found that he was able to take full control of flight systems as well as the pilot's displays. Even more shocking, the hacked aircraft could be controlled using a smartphone's accelerometer to vary its course and speed.
After discovering that the Automatic Dependent Surveillance-Broadcast (ADS-B) system, which updates ground controllers on an aircraft's position, was completely unsecure, Teso found it could be used to eavesdrop on an aircraft's communications as well as interrupt broadcasts or feed in misinformation.
The Aircraft Communications Addressing and Reporting System (ACARS), the communication relay between pilots and ground controllers, was also found vulnerable. By using a Samsung Galaxy handset, Teso demonstrated how to use ACARS to redirect an aircraft's navigation systems to different map coordinates. He was able to insert code into a virtual aircraft's Flight Management System, and by passing the code between the aircraft's computer unit and the pilot's display, Teso was able to take total control of what the aircrew would see in the cockpit.
Although some of this is doubtful, as the pilot has the option to override the automatic systems, the software could be used to easily control other functions, such as deploying oxygen masks and lights.
According to Teso, the Federal Aviation Administration and the European Aviation Safety Administration have been working on fixing the issues.
Please, please...after reading the original article, I detect a whole lot of bull Obama stinking it up.
My experience?
Retired USAF Flight test type, many degrees in math and EE.
Only “microsoft engineering” would let cockpit indications/controls be available to outside influences.
Boeing is in Seattle, Microsoft is in Seattle. Coincidence? I think not!
So as an ordinary member of the great unwashed I ask you what you’re saying.Are you saying “impossible” or are you saying “with a different approach to technology this couldn’t happen”?
This could take the ‘Blue Screen of Death’ to a whole new level.
Please expound...
Blue Screen of Jihad cominf soon to an airport near you.
Taking "control" of an aircraft would still require the pilots to load false ACARS messages from ACARS into the FMS and execute those fake flight plans, AND the ATC controllers would have to let it happen. Not likely.
In essence this guy isn't hacking a cockpit, he is hacking data feeds to the pilots.
Agreed! I call B.S. This would imply that airplane data channels and paths use WiFi, Bluetooth or Cellular-network frequencies (the only ones that the Samsung Galaxy can communicate over). They don’t - different frequencies for the links to ground-based sites, and data-paths between and among on-board flight-control systems are hard-wired.
Great argument to go back to steam gauges, ya think?
Exactly. Just the notion that critical flight systems are even using WiFi connections is absurd to the extreme. Nobody could be that stupid and design aircraft systems.
"The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer," the agency wrote, making something of a muddle of the facts.The statement went on to explain that although Teso may have been able to exploit aviation software running on a simulator, as he described in his presentation, the same approach wouldn't work on software running on certified flight hardware.
"The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot," the FAA's statement explained. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."
Looking at the Forbes article, it seems that there is a way to hack in to the communications that the plane uses to interact with controllers, but the FAA downplays the significance.
After reading the Forbes article, my opinion is somewhere in the middle: a hacker may not be able to get control of the plane, but he may be able to mess with communications and distract the pilots as they sort out what's happening. If this distraction happens on landing or takeoff, it may cause an accident.
Well, I am a CS and work on avionics and have written ACARS-based transports, and I could imagine this happening. I would like to see if he was able to interfere with the 429 bus somehow.
Looking at the Forbes article, it looks like the Samsung phone is used to control other hardware which does the actual RF stuff.
As someone actively employed in flight management and flight control systems, including navigation systems and ACARS, I call BS. ACARS is a simple messaging system that has been around for decades. In no way does an ACARS message directly feed the flight management system. The aircraft management systems are also in partitioned virtual computer segments and cannot event talk to each other.
Anyone knowing DO-178B Level ‘A’ & ‘B’ & ‘C’ systems knows this. Those that don’t usually believe hollywierd that a hacker can hack “the Pentagon” in 30 seconds if you just put a gun to their head.
Doesn’t the new 787 have Ethernet ports at each seat? Also, that network is only separated from the flight control network via a firewall. I would prefer two separate systems but they got the FAA to sign off on it.
“Just the notion that critical flight systems are even using WiFi connections is absurd to the extreme. Nobody could be that stupid and design aircraft systems.”
Actually, there are many untrained avionics guys looking to
use WiFi for data transfer and cockpit charting/management systems. It is amazing the stupidity of these guys when they claim “But WiFi can be secured!” The knowledge of engineers today is borderline idiocy.
There are WiFi based systems in avionics today. That said, there are some adults in charge and such nonsense never makes it to critical systems.
“Also, that network is only separated from the flight control network via a firewall.”
No, it is separated by much than that. I was an airborne avionics engineer on the 787 program. I can tell you first hand a simple firewall wasn’t even involved and there was far more separation than that. Hell, a firewall couldn’t even be used as where would you put it?
Thank you. The pilot flies the aircraft, not somebody on the ground. As far as I know, that doesn’t exist (yet, but who knows after a 9-11 scenario, to take control of the aircraft away from a hijacker?? Sorry for rambling...)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.